Activities of Frances FITZGERALD related to 2020/0268(COD)
Plenary speeches (1)
Digital finance: Digital Operational Resilience Act (DORA) - Digital Finance: Amending Directive regarding Digital Operational Resilience requirements (debate)
Amendments (12)
Amendment 41 #
Proposal for a directive
Recital 7
Recital 7
(7) In particular, in order to allow for the development of crypto-assets that would qualify as financial instruments and DLT, while preserving a high level of financial stability, market integrity, transparency and investor protection, it would be beneficial to create a temporary regime for DLT market infrastructures. This temporary legal framework should allow competent authorities to temporarily permit DLT market infrastructures to operate under an alternative set of requirements with regard to access to them compared to those otherwise applicable under the Union financial services legislation that could prevent them from developing solutions for the trading and settlement of transactions of crypto-assets that would qualify as financial instruments. This legal framework should be temporary in order to enable the European Supervisory Authorities (ESAs) and the national competent authorities to gain experience on the opportunities and specific risks crelated byto crypto-assets traded on those infrastructures. The experience gained with the pilot regime is intended to identify possible practical proposals for a suitable regulatory framework in order to make targeted adjustments to existing Union law regulating the issuance, safekeeping and asset servicing, trading and settlement of financial instruments based on DLT. This Directive is consequently accompanying Regulation [on a pilot regime for market infrastructures based on distributed ledger technology] by supporting this new Union regulatory framework on DLT market infrastructures with a targeted exemption from specific provisions of Union financial services legislation applying to activities and services in relation to financial instruments as defined in point (15) of Article 4(1) of Directive 2014/65/EU that would otherwise not offer the full flexibility required when deploying solutions in the trading and post trading stages of transactions involving crypto- assets.
Amendment 42 #
Proposal for a directive
Recital 8
Recital 8
(8) A DLT multilateral trading facility should be a multilateral system, operated by an investment firm or a market operator authorised under Directive 2014/65/EU, that has received a specific permission under Regulation (EU) xx/20xx of the European Parliament and of the Council27 [Proposal for a regulation on a pilot regime on DLT market infrastructure]. DLT multilateral trading facilities should be subject to all the requirements applicable to a multilateral trading facility under that Directive, except if it were to be granted an exemption by its national competent authority in accordance with this Directive. One potential regulatory barrier to the development of a multilateral trading facility for transferable securities issued on a DLT could be the obligation of intermediation set out in Directive 2014/65/EU. A traditional multilateral trading facility can only admit as members and participants investment firms, credit institutions and other persons who have a sufficient level of trading ability and competence and who dispose of appropriate organisational arrangements and resources. For the purpose of ensuring high levels of market integrity, investor protection and financial stability, the DLT transferable securities admitted to trading on a DLT multilateral trading facility should remain subject to the provisions prohibiting market abuse in Regulation (EU) No 596/2014 (the Market Abuse Regulation). A DLT multilateral trading facility should be allowed to request a derogation from such an obligation so that is can provide retail investors with easy access to the trading venue, provided that adequate safeguards are in place in terms of investor protection. _________________ 27 [full title] (OJ L […], […], p. […]).
Amendment 44 #
Proposal for a directive
Recital 9
Recital 9
(9) Directive (EU) 2015/2366 on payment services sets out specific rules on ICT security controls and mitigation elements for the purposes of authorisation to perform payment services. Those authorisation rules should be amended in order to align them with to Regulation (EU) 2021/xx [DORA]. Furthermore, the incident notification rules in that Directive should not apply to ICT-related incident notifications that Regulation (EU) 2021/xx [DORA] fully harmonisecredit institutions, payment institutions and e-money institutions which have to comply with fully harmonised reporting obligations under Chapter III of Regulation (EU) 2021/xx [DORA]. In order to reduce the administrative burden and avoid complexity and duplicative reporting requirements for payment service providers that fall within the scope of Regulation (EU) 2021/xx [DORA], the incident reporting requirements under Directive (EU) 2015/2366 should cease to apply, creating a single incident reporting mechanism for payment service providers for all operational or security payment- related and non-payment related incidents.
Amendment 47 #
Proposal for a directive
Article 3 – paragraph 1 – point 1
Article 3 – paragraph 1 – point 1
4. Insurance and reinsurance undertakings shall take reasonable steps to ensure continuity and regularity in the performance of their activities, including the development of contingency plans. To that end, the undertaking shall employ appropriate and proportionate systems, resources and procedures and shall set upemploy appropriate and proportionate information and communication technology systems and manage them in accordance with Article 6 of Regulation (EU) 2021/xx of the European Parliament and of the Council* [DORA].’;
Amendment 48 #
Proposal for a directive
Article 4 – paragraph -1 (new)
Article 4 – paragraph -1 (new)
Directive 2011/61/EC
Article 6 – paragraph 4 – point b – subpoint iii a (new)
Article 6 – paragraph 4 – point b – subpoint iii a (new)
-1 In Article 6(4) of Directive 2011/61/EU, the following point is added to point b: 'iii a) any other ancillary service where the ancillary service represents a continuation of the services already undertaken by the AIFM or a use of internal competences, and does not create conflicts of interest that could not be managed by additional rules.'
Amendment 49 #
Proposal for a directive
Article 5 – paragraph -1 (new)
Article 5 – paragraph -1 (new)
Directive 2013/36/EU
Article 65 – paragraph 3 – point a – subpoint vi
Article 65 – paragraph 3 – point a – subpoint vi
-1 In Article 65(3) of Directive 2013/36/EU, subpoint (vi) of point (a) is replaced by the following: "(vi) third parties to whom the entities referred to in points (i) to (iv) have outsourced operationalcritical or important functions or activities; , including ICT-third party service providers in accordance with Article 27 (2) of Regulation (EU) 2021/xx of the European Parliament and of the Council [DORA]*;" Or. en (02013L0036-20201229)
Amendment 50 #
Proposal for a directive
Article 5 – paragraph -1 a (new)
Article 5 – paragraph -1 a (new)
Directive 2013/36/EU
Article 85 – paragraph 1
Article 85 – paragraph 1
-1 a In Article 85 of Directive 2013/36/EU, paragraph 1 is replaced by the following: "1. Competent authorities shall ensure that institutions implement policies and processes to evaluatemonitor and manage the exposures to operational risk, including model risk and risks resulting from outsourcing, and to cover low-frequency high-severity events. Institutions shall articulate what constitutes operational risk for of critical or important functions and ICT risk in accordance with Regulation (EU) 2021/xx of the pEurposes of those policies and procedures. opean Parliament and of the Council [DORA], and to cover low-frequency high- severity events." Or. en (02013L0036-20201229)
Amendment 53 #
Proposal for a directive
Article 6 – paragraph 1 – point 5 – point a
Article 6 – paragraph 1 – point 5 – point a
Directive 2014/65/EU
Article 47 – paragraph 1 – point (b)
Article 47 – paragraph 1 – point (b)
(b) to be adequately equipped to manage the risks to which it is exposed, including to manage risks to the ICT systems and tools in accordance with Article 6 of Regulation (EU) 2021/xx [DORA]*, to implement appropriate arrangements and systems for identifying all significant risks to its operation, and to put in place effective measures to mitigate those risks.;
Amendment 54 #
Proposal for a directive
Article 7 – paragraph 1 – point 1 a (new)
Article 7 – paragraph 1 – point 1 a (new)
Directive (EU) 2015/2366
Article 20 – paragraph 1
Article 20 – paragraph 1
(1 a) In Article 20, paragraph 1 is replaced by the following: "1. Member States shall ensure that, where payment institutions rely on ICT third parties for the performance of operational functioncritical or important functions or activities, those payment institutions take reasonable steps to ensure that the requirements of this Directive are complied with. nd of Chapter V of Regulation (EU) 2021/xx of the European Parliament and of the Council* [DORA] are complied with." Or. en (02015L2366-20151223)
Amendment 58 #
(c a) the following paragraph is added: '5a. Member States shall exempt payment service providers referred to in points (a), (b) and (d) of Article 1 (1) that are required to report operational or security payment-related and non-payment related incidents under Regulation (EU) 2021/xx [DORA], from the application of paragraphs 1 to 5 of this Article.'
Amendment 61 #
Proposal for a directive
Article 8 – paragraph 1
Article 8 – paragraph 1
Directive (EU) 2016/2341
Article 21– paragraph 5 – second sentence
Article 21– paragraph 5 – second sentence
To that end, IORPs shall employ appropriate and proportionate systems, resources and procedures and shall set upemploy ICT systems and tools and manage them in accordance with Article 6 of Regulation (EU) 2021/xx of the European Parliament and of the Council* [DORA].
Amendment 62 #
Proposal for a directive
Article 9 – paragraph 1 – introductory part
Article 9 – paragraph 1 – introductory part
1. Member States shall adopt and publish, by [one year24 months after adoption] at the latest, the laws, regulations and administrative provisions necessary to comply with this Directive. They shall forthwith communicate to the Commission the text of those provisions.